Wednesday, 22 January 2014

77 per cent of company data breaches are caused by employees

The survey found that almost a
quarter of Irish companies have experienced multiple data breaches over the
past twelve months.

MORE THAN HALF of Irish companies have experienced a data breach in the
last twelve months, the majority of which are caused by staff members.

A new report from the Irish Computer Society (ICS), which surveyed IT
administrators working in 256 Irish-based companies, found that 51 per cent of
companies experienced a data breach in the past twelve months, while 22 per
cent experienced multiple breaches.

The majority said that staff members were the main cause of data
breaches with 77 per cent of incidents caused by “negligent employees.”

Other threats that concerned IT managers were unsecure end user devices,
such as unencrypted laptops containing sensitive data, and external attackers
trying to obtain data.

When asked about the correct adoption of data protection procedures,
more than one in three said that policies are not implemented or are just
partially implemented. Only 39 per cent said that its data protection policies
were fully implemented.

The report also found that most employees were satisfied with the level
of training they received in data protection with 57 per cent saying they
received the right amount. 24 per cent of those surveyed said they received no
training in this area, while 16 per cent said they received insufficient
training.

The Chairman of the Association of Data Protection Officers, Fintan
Swanton, believed it highlighted the need for organisations to take steps in
managing their company’s data.

Employees might appreciate the importance of data security, but
organisations need to instil a culture of compliant data management… It is as
much a case of protecting the organisation’s commercial reputation, as it is of
protecting the individual’s privacy.

The survey comes after new data protection legislation come into effect.
The new legislation will require most organisations to have a Data Protection
Officer.